fz0x1/Picocrypt
1
0
Fork 0
mirror of https://github.com/Picocrypt/Picocrypt.git synced 2025-05-12 13:48:31 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

handle more errors for keyfile code

Browse source
This commit is contained in:
Evan Su 2025-04-18 16:29:42 -04:00
parent 1b55200b84
commit b0c2943bb0
1 changed files with 58 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

70
src/Picocrypt.go
View file

@ -1537,7 +1537,12 @@ func work() {
giu.Update() giu.Update()
// Subtract the header size from the total size if decrypting // Subtract the header size from the total size if decrypting
stat, _ := os.Stat(inputFile) stat, err := os.Stat(inputFile)
if err != nil {
resetUI()
accessDenied("Read")
return
}
total := stat.Size() total := stat.Size()
if mode == "decrypt" { if mode == "decrypt" {
total -= 789 total -= 789
@ -1642,6 +1647,18 @@ func work() {
if _, err := rand.Read(nonce); err != nil { if _, err := rand.Read(nonce); err != nil {
panic(err) panic(err)
} }
if bytes.Equal(salt, make([]byte, 16)) {
panic(errors.New("fatal crypto/rand error"))
}
if bytes.Equal(hkdfSalt, make([]byte, 32)) {
panic(errors.New("fatal crypto/rand error"))
}
if bytes.Equal(serpentIV, make([]byte, 16)) {
panic(errors.New("fatal crypto/rand error"))
}
if bytes.Equal(nonce, make([]byte, 24)) {
panic(errors.New("fatal crypto/rand error"))
}
// Encode values with Reed-Solomon and write to file // Encode values with Reed-Solomon and write to file
_, errs[4] = fout.Write(rsEncode(rs16, salt)) _, errs[4] = fout.Write(rsEncode(rs16, salt))
@ -1764,6 +1781,9 @@ func work() {
32, 32,
) )
} }
if bytes.Equal(key, make([]byte, 32)) {
panic(errors.New("fatal crypto/argon2 error"))
}
// If keyfiles are being used // If keyfiles are being used
if len(keyfiles) > 0 || keyfile { if len(keyfiles) > 0 || keyfile {
@ -1772,7 +1792,10 @@ func work() {
var keyfileTotal int64 var keyfileTotal int64
for _, path := range keyfiles { for _, path := range keyfiles {
stat, _ := os.Stat(path) stat, err := os.Stat(path)
if err != nil {
panic(err) // we already checked os.Stat in onDrop
}
keyfileTotal += stat.Size() keyfileTotal += stat.Size()
} }
@ -1782,7 +1805,10 @@ func work() {
// For each keyfile... // For each keyfile...
for _, path := range keyfiles { for _, path := range keyfiles {
fin, _ := os.Open(path) fin, err := os.Open(path)
if err != nil {
panic(err)
}
for { // Read in chunks of 1 MiB for { // Read in chunks of 1 MiB
data := make([]byte, MiB) data := make([]byte, MiB)
size, err := fin.Read(data) size, err := fin.Read(data)
@ -1790,27 +1816,36 @@ func work() {
break break
} }
data = data[:size] data = data[:size]
tmp.Write(data) // Hash the data if _, err := tmp.Write(data); err != nil { // Hash the data
panic(err)
}
// Update progress // Update progress
keyfileDone += size keyfileDone += size
progress = float32(keyfileDone) / float32(keyfileTotal) progress = float32(keyfileDone) / float32(keyfileTotal)
giu.Update() giu.Update()
} }
fin.Close() if err := fin.Close(); err != nil {
panic(err)
}
} }
keyfileKey = tmp.Sum(nil) // Get the SHA3-256 keyfileKey = tmp.Sum(nil) // Get the SHA3-256
// Store a hash of 'keyfileKey' for comparison // Store a hash of 'keyfileKey' for comparison
tmp = sha3.New256() tmp = sha3.New256()
tmp.Write(keyfileKey) if _, err := tmp.Write(keyfileKey); err != nil {
panic(err)
}
keyfileHash = tmp.Sum(nil) keyfileHash = tmp.Sum(nil)
} else { // If order doesn't matter, hash individually and combine } else { // If order doesn't matter, hash individually and combine
var keyfileDone int var keyfileDone int
// For each keyfile... // For each keyfile...
for _, path := range keyfiles { for _, path := range keyfiles {
fin, _ := os.Open(path) fin, err := os.Open(path)
if err != nil {
panic(err)
}
tmp := sha3.New256() tmp := sha3.New256()
for { // Read in chunks of 1 MiB for { // Read in chunks of 1 MiB
data := make([]byte, MiB) data := make([]byte, MiB)
@ -1819,14 +1854,18 @@ func work() {
break break
} }
data = data[:size] data = data[:size]
tmp.Write(data) // Hash the data if _, err := tmp.Write(data); err != nil { // Hash the data
panic(err)
}
// Update progress // Update progress
keyfileDone += size keyfileDone += size
progress = float32(keyfileDone) / float32(keyfileTotal) progress = float32(keyfileDone) / float32(keyfileTotal)
giu.Update() giu.Update()
} }
fin.Close() if err := fin.Close(); err != nil {
panic(err)
}
sum := tmp.Sum(nil) // Get the SHA3-256 sum := tmp.Sum(nil) // Get the SHA3-256
@ -1842,7 +1881,9 @@ func work() {
// Store a hash of 'keyfileKey' for comparison // Store a hash of 'keyfileKey' for comparison
tmp := sha3.New256() tmp := sha3.New256()
tmp.Write(keyfileKey) if _, err := tmp.Write(keyfileKey); err != nil {
panic(err)
}
keyfileHash = tmp.Sum(nil) keyfileHash = tmp.Sum(nil)
} }
} }
@ -1852,7 +1893,9 @@ func work() {
// Hash the encryption key for comparison when decrypting // Hash the encryption key for comparison when decrypting
tmp := sha3.New512() tmp := sha3.New512()
tmp.Write(key) if _, err := tmp.Write(key); err != nil {
panic(err)
}
keyHash = tmp.Sum(nil) keyHash = tmp.Sum(nil)
// Validate the password and/or keyfiles // Validate the password and/or keyfiles
@ -1926,7 +1969,10 @@ func work() {
} }
done, counter := 0, 0 done, counter := 0, 0
chacha, _ := chacha20.NewUnauthenticatedCipher(key, nonce) chacha, err := chacha20.NewUnauthenticatedCipher(key, nonce)
if err != nil {
panic(err)
}
// Use HKDF-SHA3 to generate a subkey for the MAC // Use HKDF-SHA3 to generate a subkey for the MAC
var mac hash.Hash var mac hash.Hash